Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims: 

1. (Currently amended) An automation security system, comprising: 

an asset component that defines one or more factory assets an industrial automation device; 

an access component that defines one or more a security attribute[[s]] associated with the 
factory assets industrial automation device; and 

a security component that regulates access to the factory assets industrial automation 
device based upon the one or more security attribute[[s]]. 

2. (Currently Amended) The system of claim 1, the one or more or more security 
attribute[[s]] including at least one of a role attribute, a time attribute, a location attribute, and an 
access type attribute. 

3. (Original) The system of claim 1, the security component is based on at least one of a 
formal threat analysis, a vulnerability analysis, a factory topology mapping and an attack tree 
analysis. 

4. (Original) The system of claim 3, the security component is based on at least one of 
automation and process control security, cryptography, and Authentication/ 
Authorization/ Accounting (AAA). 

5. (Original) The system of claim 1, the asset component describes at least one of factory 
components and groupings, the factory components are at least one of sensors, actuators, 
controllers, I/O modules, communications modules, and human-machine interface (HMI) devices. 
6. (Original) The system of claim 5, the groupings include factory components that are 
grouped into at least one of machines, machines grouped into lines, and lines grouped into 
facilities. 

7. (Original) The system of claim 5, the groupings have associated severity attributes such as 
at least one of risk and security incident cost. 

8. (Original) The system of claim 7, further comprising an ISA S95 Model for Enterprise to 
Control System Integration to integrate security aspects across or within respective groupings. 

9. (Currently Amended) The system of claim 1, further comprising a set of generic IT 
components and specifies parameters to assemble and configure the IT components to achieve 
flexible access to the one or more factory assets industrial automation device. 

10. (Original) The system of claim 9, the IT components include at least one of switches with 
virtual local area network (VLAN) capability, routers with access list capability, firewalls, 
virtual private network (VPN) termination devices, intrusion detection systems, AAA servers, 
configuration tools, and monitoring tools. 

11. (Original) The system of claim 1, further comprising security parameters and policies that 
are developed for physical and electronic security for various component types. 

12. (Original) The system of claim 11, the security parameters and policies further 
comprising at least one of security protection levels, identification entry capabilities, integrity 
algorithms, and privacy algorithms. 

13. (Original) The system of claim 1, the security component includes at least one of 
authentication software, virus detection, intrusion detection, authorization software, attack 
detection, protocol checker, and encryption software. 






10/661,239 



03AB014A/ALBRP303USA 



14. (Original) The system of claim 13, the security component at least one of acts as an 
intermediary between an access system and one or more automation components, and facilitates 
communications between the access system and the one or more automation components. 

15. (Currently Amended) The system of claim 2, the security attributes are specified as part 
of a network request to gain access to the one or more factory assets at least one industrial 
automation device, the security attributes included in at least one of a group, set, subset, and 
class. 

16. (Original) The system of claim 15, the security component employs at least one 
authentication procedure and an authorization procedure to process the network request. 

17. (Original) The system of claim 16, further comprising one or more security protocols 
including at least one of Internet Protocol Security (IPSec), Kerberos, Diffie-Hellman exchange, 
Internet Key Exchange (IKE), digital certificate, pre-shared key, and encrypted password, to 
process the network request. 

18. (Original) The system of claim 15, further comprising at least one of an access key and a 
security switch to control network access to a device or network. 

19. (Original) The system of claim 18, the access key further comprises at least one of time, 
location, batch, process, program, calendar, GPS (Global Positioning Information) to specify 
local and wireless network locations, to control access to the device or network. 

20. (Currently amended) An automation security system, comprising: 

a server[[s]] that manages a network interface between networked factory assets 
industrial automation devices and other devices attempting access to the networked factory assets 
industrial automation devices; and 

a security management module associated with the network interface for enforcing that 
enforces an enterprise wide policy and te -that manages security threats directed to the networked 
factory assets industrial automation devices. 
21. (Original) The system of claim 20, the security management module at least one of 
schedules audits, establishes a security policy, applies the policy from a single or distributed 
console, and generates reports that identify potential weaknesses in security. 

22. (Original) The system of claim 20, the security management module provides an interface 
to at least one of add, delete and modify security rights of an individual, a group, or a device and 
distribute security information to various controllers and control devices. 

23. (Currently Amended) The system of claim 20, further comprising at least one of: 
an authentication with the one or more server[[s]] to establish a secure link; 

a secure link to authenticate and authorize access to a requestor of the networked factory 
assets industrial automation device; and 

establishment of a secure session with the requestor if access is authorized. 

24. (Currently amended) An automation security methodology, comprising: 

electronically analyzing one or more automation assets an industrial automation device; 

programmatically modeling the automation assets industrial automation device in 
accordance with network security considerations; and 

automatically developing a security framework for an automation system based in part 
on the modeling of the automation assets industrial automation device and a network access type. 

25. (Currently Amended) The method of claim 24, further comprising analyzing one or more 
security attributes to determine whether access should be granted to the one or more automation 
assets industrial automation device. 

26. (Original) The method of claim 25, the one or more security attributes further comprise at 
least one of a role, an asset type, a location, a time, and an access type. 
27. (Currently Amended) The method of claim 24, further comprising at least one of: 

determining whether to grant access to the one or more automation assets industrial 
automation device; 

granting access from the one or more automation assets industrial automation device; and 

granting access from a network device associated with the one or more automation assets 
industrial automation device. 

28. (Currently amended) An automated security system for an industrial control environment, 
comprising: 

means for defining one or more security attributes associated with at least one network 
request; 

means for processing the one or more security attributes; 

means for automatically determining which network devices require security resources; and 

means for controlling access to at least one of a network device and an industrial 
automation component based in part on the one or more security attributes. 

29. (Currently amended) A security schema for a factory automation system, comprising: 

a first data field that describes factory assets industrial automation devices; 

a second data field that describes security parameters for the factory assets industrial 
automation devices; and 

a schema that associates the first and second data fields, the schema employed to limit 
access to the factory assets industrial automation devices based upon the security parameters. 

30. (Original) The system of claim 29, the schema including at least one of an access role, an 
asset type, an access type, time information, address information, and location information. 

31. (Original) The system of claim 29, further comprising a response schema to provide 
status to a requesting network device. 
32. (Original) The system of claim 31, the response schema including at least one of a status 
field, a time field, an access type field, an access location field, and a key field. 

33. (Original) The system of claim 31, the response schema including an attachment field to 
indicate other security data follows the response schema. 